]>
git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/criu.c
2 * lxc: linux Container library
4 * Copyright © 2014-2015 Canonical Ltd.
7 * Tycho Andersen <tycho.andersen@canonical.com>
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
28 #include <linux/limits.h>
33 #include <sys/mount.h>
34 #include <sys/types.h>
48 #include "syscall_wrappers.h"
52 #include <../include/lxcmntent.h>
58 #include "include/strlcpy.h"
61 #define CRIU_VERSION "2.0"
63 #define CRIU_GITID_VERSION "2.0"
64 #define CRIU_GITID_PATCHLEVEL 0
66 #define CRIU_IN_FLIGHT_SUPPORT "2.4"
67 #define CRIU_EXTERNAL_NOT_VETH "2.8"
69 lxc_log_define(criu
, lxc
);
72 /* the thing to hook to stdout and stderr for logging */
75 /* The type of criu invocation, one of "dump" or "restore" */
78 /* the user-provided migrate options relevant to this action */
79 struct migrate_opts
*user
;
81 /* The container to dump */
82 struct lxc_container
*c
;
84 /* dump: stop the container or not after dumping? */
85 char tty_id
[32]; /* the criu tty id for /dev/console, i.e. "tty[${rdev}:${dev}]" */
87 /* restore: the file to write the init process' pid into */
88 struct lxc_handler
*handler
;
90 /* The path that is bind mounted from /dev/console, if any. We don't
91 * want to use `--ext-mount-map auto`'s result here because the pts
92 * device may have a different path (e.g. if the pty number is
93 * different) on the target host. NULL if lxc.console.path = "none".
97 /* The detected version of criu */
101 static int load_tty_major_minor(char *directory
, char *output
, int len
)
107 ret
= snprintf(path
, sizeof(path
), "%s/tty.info", directory
);
108 if (ret
< 0 || ret
>= sizeof(path
)) {
109 ERROR("snprintf'd too many characters: %d", ret
);
113 f
= fopen(path
, "r");
115 /* This means we're coming from a liblxc which didn't export
116 * the tty info. In this case they had to have lxc.console.path
117 * = * none, so there's no problem restoring.
122 SYSERROR("couldn't open %s", path
);
126 if (!fgets(output
, len
, f
)) {
128 SYSERROR("couldn't read %s", path
);
136 static int cmp_version(const char *v1
, const char *v2
)
139 int oct_v1
[3], oct_v2
[3];
141 memset(oct_v1
, -1, sizeof(oct_v1
));
142 memset(oct_v2
, -1, sizeof(oct_v2
));
144 ret
= sscanf(v1
, "%d.%d.%d", &oct_v1
[0], &oct_v1
[1], &oct_v1
[2]);
148 ret
= sscanf(v2
, "%d.%d.%d", &oct_v2
[0], &oct_v2
[1], &oct_v2
[2]);
152 /* Major version is greater. */
153 if (oct_v1
[0] > oct_v2
[0])
156 if (oct_v1
[0] < oct_v2
[0])
159 /* Minor number is greater.*/
160 if (oct_v1
[1] > oct_v2
[1])
163 if (oct_v1
[1] < oct_v2
[1])
166 /* Patch number is greater. */
167 if (oct_v1
[2] > oct_v2
[2])
170 /* Patch numbers are equal. */
171 if (oct_v1
[2] == oct_v2
[2])
177 static void exec_criu(struct cgroup_ops
*cgroup_ops
, struct lxc_conf
*conf
,
178 struct criu_opts
*opts
)
180 char **argv
, log
[PATH_MAX
];
181 int static_args
= 23, argc
= 0, i
, ret
;
185 struct mntent mntent
;
187 char buf
[4096], ttys
[32];
190 /* If we are currently in a cgroup /foo/bar, and the container is in a
191 * cgroup /lxc/foo, lxcfs will give us an ENOENT if some task in the
192 * container has an open fd that points to one of the cgroup files
193 * (systemd always opens its "root" cgroup). So, let's escape to the
194 * /actual/ root cgroup so that lxcfs thinks criu has enough rights to
197 if (!cgroup_ops
->escape(cgroup_ops
, conf
)) {
198 ERROR("failed to escape cgroups");
202 /* The command line always looks like:
203 * criu $(action) --tcp-established --file-locks --link-remap \
204 * --manage-cgroups=full --action-script foo.sh -D $(directory) \
205 * -o $(directory)/$(action).log --ext-mount-map auto
206 * --enable-external-sharing --enable-external-masters
207 * --enable-fs hugetlbfs --enable-fs tracefs --ext-mount-map console:/dev/pts/n
208 * +1 for final NULL */
210 if (strcmp(opts
->action
, "dump") == 0 || strcmp(opts
->action
, "pre-dump") == 0) {
211 /* -t pid --freeze-cgroup /lxc/ct */
214 /* --prev-images-dir <path-to-directory-A-relative-to-B> */
215 if (opts
->user
->predump_dir
)
218 /* --page-server --address <address> --port <port> */
219 if (opts
->user
->pageserver_address
&& opts
->user
->pageserver_port
)
222 /* --leave-running (only for final dump) */
223 if (strcmp(opts
->action
, "dump") == 0 && !opts
->user
->stop
)
226 /* --external tty[88,4] */
231 if (!opts
->user
->preserves_inodes
)
234 /* --ghost-limit 1024 */
235 if (opts
->user
->ghost_limit
)
237 } else if (strcmp(opts
->action
, "restore") == 0) {
238 /* --root $(lxc_mount_point) --restore-detached
240 * --lsm-profile apparmor:whatever
245 if (load_tty_major_minor(opts
->user
->directory
, ttys
, sizeof(ttys
)))
248 /* --inherit-fd fd[%d]:tty[%s] */
255 if (cgroup_ops
->num_hierarchies(cgroup_ops
) > 0)
256 static_args
+= 2 * cgroup_ops
->num_hierarchies(cgroup_ops
);
258 if (opts
->user
->verbose
)
261 if (opts
->user
->action_script
)
264 static_args
+= 2 * lxc_list_len(&opts
->c
->lxc_conf
->mount_list
);
266 ret
= snprintf(log
, PATH_MAX
, "%s/%s.log", opts
->user
->directory
, opts
->action
);
267 if (ret
< 0 || ret
>= PATH_MAX
) {
268 ERROR("logfile name too long");
272 argv
= malloc(static_args
* sizeof(*argv
));
276 memset(argv
, 0, static_args
* sizeof(*argv
));
278 #define DECLARE_ARG(arg) \
281 ERROR("Got NULL argument for criu"); \
284 argv[argc++] = strdup(arg); \
289 argv
[argc
++] = on_path("criu", NULL
);
291 ERROR("Couldn't find criu binary");
295 DECLARE_ARG(opts
->action
);
296 DECLARE_ARG("--tcp-established");
297 DECLARE_ARG("--file-locks");
298 DECLARE_ARG("--link-remap");
299 DECLARE_ARG("--manage-cgroups=full");
300 DECLARE_ARG("--ext-mount-map");
302 DECLARE_ARG("--enable-external-sharing");
303 DECLARE_ARG("--enable-external-masters");
304 DECLARE_ARG("--enable-fs");
305 DECLARE_ARG("hugetlbfs");
306 DECLARE_ARG("--enable-fs");
307 DECLARE_ARG("tracefs");
309 DECLARE_ARG(opts
->user
->directory
);
313 for (i
= 0; i
< cgroup_ops
->num_hierarchies(cgroup_ops
); i
++) {
314 char **controllers
= NULL
, *fullname
;
317 if (!cgroup_ops
->get_hierarchies(cgroup_ops
, i
, &controllers
)) {
318 ERROR("failed to get hierarchy %d", i
);
322 /* if we are in a dump, we have to ask the monitor process what
323 * the right cgroup is. if this is a restore, we can just use
324 * the handler the restore task created.
326 if (!strcmp(opts
->action
, "dump") || !strcmp(opts
->action
, "pre-dump")) {
327 path
= lxc_cmd_get_cgroup_path(opts
->c
->name
, opts
->c
->config_path
, controllers
[0]);
329 ERROR("failed to get cgroup path for %s", controllers
[0]);
335 p
= cgroup_ops
->get_cgroup(cgroup_ops
, controllers
[0]);
337 ERROR("failed to get cgroup path for %s", controllers
[0]);
343 ERROR("strdup failed");
348 tmp
= lxc_deslashify(path
);
350 ERROR("Failed to remove extraneous slashes from \"%s\"",
358 fullname
= lxc_string_join(",", (const char **) controllers
, false);
360 ERROR("failed to join controllers");
365 ret
= sprintf(buf
, "%s:%s", fullname
, path
);
368 if (ret
< 0 || ret
>= sizeof(buf
)) {
369 ERROR("sprintf of cgroup root arg failed");
373 DECLARE_ARG("--cgroup-root");
377 if (opts
->user
->verbose
)
380 if (opts
->user
->action_script
) {
381 DECLARE_ARG("--action-script");
382 DECLARE_ARG(opts
->user
->action_script
);
385 mnts
= make_anonymous_mount_file(&opts
->c
->lxc_conf
->mount_list
,
386 opts
->c
->lxc_conf
->lsm_aa_allow_nesting
);
390 while (getmntent_r(mnts
, &mntent
, buf
, sizeof(buf
))) {
392 char arg
[2 * PATH_MAX
+ 2];
395 if (parse_mntopts(mntent
.mnt_opts
, &flags
, &mntdata
) < 0)
400 /* only add --ext-mount-map for actual bind mounts */
401 if (!(flags
& MS_BIND
))
404 if (strcmp(opts
->action
, "dump") == 0)
405 ret
= snprintf(arg
, sizeof(arg
), "/%s:%s",
406 mntent
.mnt_dir
, mntent
.mnt_dir
);
408 ret
= snprintf(arg
, sizeof(arg
), "%s:%s",
409 mntent
.mnt_dir
, mntent
.mnt_fsname
);
410 if (ret
< 0 || ret
>= sizeof(arg
)) {
412 ERROR("snprintf failed");
416 DECLARE_ARG("--ext-mount-map");
421 if (strcmp(opts
->action
, "dump") == 0 || strcmp(opts
->action
, "pre-dump") == 0) {
422 char pid
[32], *freezer_relative
;
424 if (sprintf(pid
, "%d", opts
->c
->init_pid(opts
->c
)) < 0)
430 freezer_relative
= lxc_cmd_get_cgroup_path(opts
->c
->name
,
431 opts
->c
->config_path
,
433 if (!freezer_relative
) {
434 ERROR("failed getting freezer path");
438 ret
= snprintf(log
, sizeof(log
), "/sys/fs/cgroup/freezer/%s", freezer_relative
);
439 if (ret
< 0 || ret
>= sizeof(log
))
442 if (!opts
->user
->disable_skip_in_flight
&&
443 strcmp(opts
->criu_version
, CRIU_IN_FLIGHT_SUPPORT
) >= 0)
444 DECLARE_ARG("--skip-in-flight");
446 DECLARE_ARG("--freeze-cgroup");
449 if (opts
->tty_id
[0]) {
450 DECLARE_ARG("--ext-mount-map");
451 DECLARE_ARG("/dev/console:console");
453 DECLARE_ARG("--external");
454 DECLARE_ARG(opts
->tty_id
);
457 if (opts
->user
->predump_dir
) {
458 DECLARE_ARG("--prev-images-dir");
459 DECLARE_ARG(opts
->user
->predump_dir
);
460 DECLARE_ARG("--track-mem");
463 if (opts
->user
->pageserver_address
&& opts
->user
->pageserver_port
) {
464 DECLARE_ARG("--page-server");
465 DECLARE_ARG("--address");
466 DECLARE_ARG(opts
->user
->pageserver_address
);
467 DECLARE_ARG("--port");
468 DECLARE_ARG(opts
->user
->pageserver_port
);
471 if (!opts
->user
->preserves_inodes
)
472 DECLARE_ARG("--force-irmap");
474 if (opts
->user
->ghost_limit
) {
475 char ghost_limit
[32];
477 ret
= sprintf(ghost_limit
, "%"PRIu64
, opts
->user
->ghost_limit
);
478 if (ret
< 0 || ret
>= sizeof(ghost_limit
)) {
479 ERROR("failed to print ghost limit %"PRIu64
, opts
->user
->ghost_limit
);
483 DECLARE_ARG("--ghost-limit");
484 DECLARE_ARG(ghost_limit
);
487 /* only for final dump */
488 if (strcmp(opts
->action
, "dump") == 0 && !opts
->user
->stop
)
489 DECLARE_ARG("--leave-running");
490 } else if (strcmp(opts
->action
, "restore") == 0) {
493 struct lxc_conf
*lxc_conf
= opts
->c
->lxc_conf
;
495 DECLARE_ARG("--root");
496 DECLARE_ARG(opts
->c
->lxc_conf
->rootfs
.mount
);
497 DECLARE_ARG("--restore-detached");
498 DECLARE_ARG("--restore-sibling");
501 if (opts
->console_fd
< 0) {
502 ERROR("lxc.console.path configured on source host but not target");
506 ret
= snprintf(buf
, sizeof(buf
), "fd[%d]:%s", opts
->console_fd
, ttys
);
507 if (ret
< 0 || ret
>= sizeof(buf
))
510 DECLARE_ARG("--inherit-fd");
513 if (opts
->console_name
) {
514 if (snprintf(buf
, sizeof(buf
), "console:%s", opts
->console_name
) < 0) {
515 SYSERROR("sprintf'd too many bytes");
517 DECLARE_ARG("--ext-mount-map");
521 if (lxc_conf
->lsm_aa_profile
|| lxc_conf
->lsm_se_context
) {
523 if (lxc_conf
->lsm_aa_profile
)
524 ret
= snprintf(buf
, sizeof(buf
), "apparmor:%s", lxc_conf
->lsm_aa_profile
);
526 ret
= snprintf(buf
, sizeof(buf
), "selinux:%s", lxc_conf
->lsm_se_context
);
528 if (ret
< 0 || ret
>= sizeof(buf
))
531 DECLARE_ARG("--lsm-profile");
535 additional
= lxc_list_len(&opts
->c
->lxc_conf
->network
) * 2;
537 m
= realloc(argv
, (argc
+ additional
+ 1) * sizeof(*argv
));
542 lxc_list_for_each(it
, &opts
->c
->lxc_conf
->network
) {
544 char eth
[128], *veth
;
545 struct lxc_netdev
*n
= it
->elem
;
546 bool external_not_veth
;
548 if (cmp_version(opts
->criu_version
, CRIU_EXTERNAL_NOT_VETH
) >= 0) {
549 /* Since criu version 2.8 the usage of --veth-pair
550 * has been deprecated:
551 * git tag --contains f2037e6d3445fc400
553 external_not_veth
= true;
555 external_not_veth
= false;
558 if (n
->name
[0] != '\0') {
559 retlen
= strlcpy(eth
, n
->name
, sizeof(eth
));
560 if (retlen
>= sizeof(eth
))
563 ret
= snprintf(eth
, sizeof(eth
), "eth%d", netnr
);
564 if (ret
< 0 || ret
>= sizeof(eth
))
570 veth
= n
->priv
.veth_attr
.pair
;
572 veth
= n
->priv
.veth_attr
.veth1
;
574 if (n
->link
[0] != '\0') {
575 if (external_not_veth
)
576 ret
= snprintf(buf
, sizeof(buf
),
581 ret
= snprintf(buf
, sizeof(buf
),
585 if (external_not_veth
)
586 ret
= snprintf(buf
, sizeof(buf
),
590 ret
= snprintf(buf
, sizeof(buf
),
594 if (ret
< 0 || ret
>= sizeof(buf
))
597 case LXC_NET_MACVLAN
:
598 if (n
->link
[0] == '\0') {
599 ERROR("no host interface for macvlan %s", n
->name
);
603 ret
= snprintf(buf
, sizeof(buf
), "macvlan[%s]:%s", eth
, n
->link
);
604 if (ret
< 0 || ret
>= sizeof(buf
))
611 /* we have screened for this earlier... */
612 ERROR("unexpected network type %d", n
->type
);
616 if (external_not_veth
)
617 DECLARE_ARG("--external");
619 DECLARE_ARG("--veth-pair");
631 for (i
= 0; argv
[i
]; i
++) {
632 ret
= snprintf(buf
+ pos
, sizeof(buf
) - pos
, "%s ", argv
[i
]);
633 if (ret
< 0 || ret
>= sizeof(buf
) - pos
)
639 INFO("execing: %s", buf
);
641 /* before criu inits its log, it sometimes prints things to stdout/err;
642 * let's be sure we capture that.
644 if (dup2(opts
->pipefd
, STDOUT_FILENO
) < 0) {
645 SYSERROR("dup2 stdout failed");
649 if (dup2(opts
->pipefd
, STDERR_FILENO
) < 0) {
650 SYSERROR("dup2 stderr failed");
657 execv(argv
[0], argv
);
659 for (i
= 0; argv
[i
]; i
++)
665 * Function to check if the checks activated in 'features_to_check' are
666 * available with the current architecture/kernel/criu combination.
668 * Parameter features_to_check is a bit mask of all features that should be
669 * checked (see feature check defines in lxc/lxccontainer.h).
671 * If the return value is true, all requested features are supported. If
672 * the return value is false the features_to_check parameter is updated
673 * to reflect which features are available. '0' means no feature but
674 * also that something went totally wrong.
676 * Some of the code flow of criu_version_ok() is duplicated and maybe it
677 * is a good candidate for refactoring.
679 bool __criu_check_feature(uint64_t *features_to_check
)
682 uint64_t current_bit
= 0;
684 uint64_t features
= *features_to_check
;
685 /* Feature checking is currently always like
686 * criu check --feature <feature-name>
688 char *args
[] = { "criu", "check", "--feature", NULL
, NULL
};
690 if ((features
& ~FEATURE_MEM_TRACK
& ~FEATURE_LAZY_PAGES
) != 0) {
691 /* There are feature bits activated we do not understand.
692 * Refusing to answer at all */
693 *features_to_check
= 0;
697 while (current_bit
< (sizeof(uint64_t) * 8 - 1)) {
698 /* only test requested features */
699 if (!(features
& (1ULL << current_bit
))) {
707 SYSERROR("fork() failed");
708 *features_to_check
= 0;
713 if ((1ULL << current_bit
) == FEATURE_MEM_TRACK
)
714 /* This is needed for pre-dump support, which
715 * enables pre-copy migration. */
716 args
[3] = "mem_dirty_track";
717 else if ((1ULL << current_bit
) == FEATURE_LAZY_PAGES
)
718 /* CRIU has two checks for userfaultfd support.
720 * The simpler check is only for 'uffd'. If the
721 * kernel supports userfaultfd without noncoop
722 * then only process can be lazily restored
723 * which do not fork. With 'uffd-noncoop'
724 * it is also possible to lazily restore processes
725 * which do fork. For a container runtime like
726 * LXC checking only for 'uffd' makes not much sense. */
727 args
[3] = "uffd-noncoop";
733 execvp("criu", args
);
734 SYSERROR("Failed to exec \"criu\"");
738 ret
= wait_for_pid(pid
);
741 /* It is not known why CRIU failed. Either
742 * CRIU is not available, the feature check
743 * does not exist or the feature is not
745 INFO("feature not supported");
746 /* Clear not supported feature bit */
747 features
&= ~(1ULL << current_bit
);
751 /* no more checks requested; exit check loop */
752 if (!(features
& ~((1ULL << current_bit
)-1)))
755 if (features
!= *features_to_check
) {
756 *features_to_check
= features
;
763 * Check to see if the criu version is recent enough for all the features we
764 * use. This version allows either CRIU_VERSION or (CRIU_GITID_VERSION and
765 * CRIU_GITID_PATCHLEVEL) to work, enabling users building from git to c/r
766 * things potentially before a version is released with a particular feature.
768 * The intent is that when criu development slows down, we can drop this, but
769 * for now we shouldn't attempt to c/r with versions that we know won't work.
771 * Note: If version != NULL criu_version() stores the detected criu version in
772 * version. Allocates memory for version which must be freed by caller.
774 static bool criu_version_ok(char **version
)
779 if (pipe(pipes
) < 0) {
780 SYSERROR("pipe() failed");
786 SYSERROR("fork() failed");
791 char *args
[] = { "criu", "--version", NULL
};
795 close(STDERR_FILENO
);
796 if (dup2(pipes
[1], STDOUT_FILENO
) < 0)
799 path
= on_path("criu", NULL
);
811 if (wait_for_pid(pid
) < 0) {
813 SYSERROR("execing criu failed, is it installed?");
817 f
= fdopen(pipes
[0], "r");
829 if (fscanf(f
, "Version: %1023[^\n]s", tmp
) != 1)
832 if (fgetc(f
) != '\n')
835 if (strcmp(tmp
, CRIU_VERSION
) >= 0)
838 if (fscanf(f
, "GitID: v%1023[^-]s", tmp
) != 1)
844 if (fscanf(f
, "%d", &patch
) != 1)
847 if (strcmp(tmp
, CRIU_GITID_VERSION
) < 0)
850 if (patch
< CRIU_GITID_PATCHLEVEL
)
864 ERROR("must have criu " CRIU_VERSION
" or greater to checkpoint/restore");
869 /* Check and make sure the container has a configuration that we know CRIU can
871 static bool criu_ok(struct lxc_container
*c
, char **criu_version
)
876 ERROR("Must be root to checkpoint");
880 if (!criu_version_ok(criu_version
))
883 /* We only know how to restore containers with veth networks. */
884 lxc_list_for_each(it
, &c
->lxc_conf
->network
) {
885 struct lxc_netdev
*n
= it
->elem
;
890 case LXC_NET_MACVLAN
:
893 ERROR("Found un-dumpable network: %s (%s)", lxc_net_type_to_str(n
->type
), n
->name
);
896 *criu_version
= NULL
;
905 static bool restore_net_info(struct lxc_container
*c
)
909 bool has_error
= true;
911 if (container_mem_lock(c
))
914 lxc_list_for_each(it
, &c
->lxc_conf
->network
) {
915 struct lxc_netdev
*netdev
= it
->elem
;
916 char template[IFNAMSIZ
];
918 if (netdev
->type
!= LXC_NET_VETH
)
921 ret
= snprintf(template, sizeof(template), "vethXXXXXX");
922 if (ret
< 0 || ret
>= sizeof(template))
925 if (netdev
->priv
.veth_attr
.pair
[0] == '\0' &&
926 netdev
->priv
.veth_attr
.veth1
[0] == '\0') {
927 if (!lxc_mkifname(template))
930 (void)strlcpy(netdev
->priv
.veth_attr
.veth1
, template, IFNAMSIZ
);
937 container_mem_unlock(c
);
941 /* do_restore never returns, the calling process is used as the monitor process.
942 * do_restore calls _exit() if it fails.
944 static void do_restore(struct lxc_container
*c
, int status_pipe
, struct migrate_opts
*opts
, char *criu_version
)
948 struct lxc_handler
*handler
;
950 int pipes
[2] = {-1, -1};
951 struct cgroup_ops
*cgroup_ops
;
953 /* Try to detach from the current controlling tty if it exists.
954 * Otherwise, lxc_init (via lxc_console) will attach the container's
955 * console output to the current tty, which is probably not what any
956 * library user wants, and if they do, they can just manually configure
959 fd
= open("/dev/tty", O_RDWR
);
961 if (ioctl(fd
, TIOCNOTTY
, NULL
) < 0)
962 SYSERROR("couldn't detach from tty");
966 handler
= lxc_init_handler(c
->name
, c
->lxc_conf
, c
->config_path
, false);
970 if (lxc_init(c
->name
, handler
) < 0)
973 cgroup_ops
= cgroup_init(c
->lxc_conf
);
975 goto out_fini_handler
;
976 handler
->cgroup_ops
= cgroup_ops
;
978 if (!cgroup_ops
->payload_create(cgroup_ops
, handler
)) {
979 ERROR("failed creating groups");
980 goto out_fini_handler
;
983 if (!restore_net_info(c
)) {
984 ERROR("failed restoring network info");
985 goto out_fini_handler
;
988 ret
= resolve_clone_flags(handler
);
990 SYSERROR("Unsupported clone flag specified");
991 goto out_fini_handler
;
994 if (pipe2(pipes
, O_CLOEXEC
) < 0) {
995 SYSERROR("pipe() failed");
996 goto out_fini_handler
;
1001 goto out_fini_handler
;
1004 struct criu_opts os
;
1005 struct lxc_rootfs
*rootfs
;
1014 if (unshare(CLONE_NEWNS
))
1015 goto out_fini_handler
;
1017 /* CRIU needs the lxc root bind mounted so that it is the root of some
1019 rootfs
= &c
->lxc_conf
->rootfs
;
1021 if (rootfs_is_blockdev(c
->lxc_conf
)) {
1022 if (lxc_setup_rootfs_prepare_root(c
->lxc_conf
, c
->name
,
1023 c
->config_path
) < 0)
1024 goto out_fini_handler
;
1026 if (mkdir(rootfs
->mount
, 0755) < 0 && errno
!= EEXIST
)
1027 goto out_fini_handler
;
1029 if (mount(NULL
, "/", NULL
, MS_SLAVE
| MS_REC
, NULL
) < 0) {
1030 SYSERROR("remount / to private failed");
1031 goto out_fini_handler
;
1034 if (mount(rootfs
->path
, rootfs
->mount
, NULL
, MS_BIND
, NULL
) < 0) {
1035 rmdir(rootfs
->mount
);
1036 goto out_fini_handler
;
1040 os
.pipefd
= pipes
[1];
1041 os
.action
= "restore";
1044 os
.console_fd
= c
->lxc_conf
->console
.slave
;
1045 os
.criu_version
= criu_version
;
1046 os
.handler
= handler
;
1048 if (os
.console_fd
>= 0) {
1049 /* Twiddle the FD_CLOEXEC bit. We want to pass this FD to criu
1050 * via --inherit-fd, so we don't want it to close.
1052 flags
= fcntl(os
.console_fd
, F_GETFD
);
1054 SYSERROR("F_GETFD failed: %d", os
.console_fd
);
1055 goto out_fini_handler
;
1058 flags
&= ~FD_CLOEXEC
;
1060 if (fcntl(os
.console_fd
, F_SETFD
, flags
) < 0) {
1061 SYSERROR("F_SETFD failed");
1062 goto out_fini_handler
;
1065 os
.console_name
= c
->lxc_conf
->console
.name
;
1067 /* exec_criu() returning is an error */
1068 exec_criu(cgroup_ops
, c
->lxc_conf
, &os
);
1069 umount(rootfs
->mount
);
1070 rmdir(rootfs
->mount
);
1071 goto out_fini_handler
;
1078 pid_t w
= waitpid(pid
, &status
, 0);
1080 SYSERROR("waitpid");
1081 goto out_fini_handler
;
1084 if (WIFEXITED(status
)) {
1087 if (WEXITSTATUS(status
)) {
1090 n
= lxc_read_nointr(pipes
[0], buf
, sizeof(buf
));
1092 SYSERROR("failed reading from criu stderr");
1093 goto out_fini_handler
;
1096 if (n
== sizeof(buf
))
1100 ERROR("criu process exited %d, output:\n%s", WEXITSTATUS(status
), buf
);
1101 goto out_fini_handler
;
1103 ret
= snprintf(buf
, sizeof(buf
), "/proc/self/task/%lu/children", (unsigned long)syscall(__NR_gettid
));
1104 if (ret
< 0 || ret
>= sizeof(buf
)) {
1105 ERROR("snprintf'd too many characters: %d", ret
);
1106 goto out_fini_handler
;
1109 FILE *f
= fopen(buf
, "r");
1111 SYSERROR("couldn't read restore's children file %s", buf
);
1112 goto out_fini_handler
;
1115 ret
= fscanf(f
, "%d", (int*) &handler
->pid
);
1118 ERROR("reading restore pid failed");
1119 goto out_fini_handler
;
1122 if (lxc_set_state(c
->name
, handler
, RUNNING
)) {
1123 ERROR("error setting running state after restore");
1124 goto out_fini_handler
;
1128 ERROR("CRIU was killed with signal %d", WTERMSIG(status
));
1129 goto out_fini_handler
;
1134 ret
= lxc_write_nointr(status_pipe
, &status
, sizeof(status
));
1138 if (sizeof(status
) != ret
) {
1139 SYSERROR("failed to write all of status");
1140 goto out_fini_handler
;
1144 * See comment in lxcapi_start; we don't care if these
1145 * fail because it's just a beauty thing. We just
1146 * assign the return here to silence potential.
1148 ret
= snprintf(title
, sizeof(title
), "[lxc monitor] %s %s", c
->config_path
, c
->name
);
1149 if (ret
< 0 || (size_t)ret
>= sizeof(title
))
1150 INFO("Setting truncated process name");
1152 ret
= setproctitle(title
);
1154 INFO("Failed to set process name");
1156 ret
= lxc_poll(c
->name
, handler
);
1158 lxc_abort(c
->name
, handler
);
1159 lxc_fini(c
->name
, handler
);
1169 lxc_fini(c
->name
, handler
);
1172 if (status_pipe
>= 0) {
1173 /* ensure getting here was a failure, e.g. if we failed to
1174 * parse the child pid or something, even after a successful
1180 if (lxc_write_nointr(status_pipe
, &status
, sizeof(status
)) != sizeof(status
))
1181 SYSERROR("writing status failed");
1185 _exit(EXIT_FAILURE
);
1188 static int save_tty_major_minor(char *directory
, struct lxc_container
*c
, char *tty_id
, int len
)
1191 char path
[PATH_MAX
];
1195 if (c
->lxc_conf
->console
.path
&& !strcmp(c
->lxc_conf
->console
.path
, "none")) {
1200 ret
= snprintf(path
, sizeof(path
), "/proc/%d/root/dev/console", c
->init_pid(c
));
1201 if (ret
< 0 || ret
>= sizeof(path
)) {
1202 ERROR("snprintf'd too many characters: %d", ret
);
1206 ret
= stat(path
, &sb
);
1208 SYSERROR("stat of %s failed", path
);
1212 ret
= snprintf(path
, sizeof(path
), "%s/tty.info", directory
);
1213 if (ret
< 0 || ret
>= sizeof(path
)) {
1214 ERROR("snprintf'd too many characters: %d", ret
);
1218 ret
= snprintf(tty_id
, len
, "tty[%llx:%llx]",
1219 (long long unsigned) sb
.st_rdev
,
1220 (long long unsigned) sb
.st_dev
);
1221 if (ret
< 0 || ret
>= sizeof(path
)) {
1222 ERROR("snprintf'd too many characters: %d", ret
);
1226 f
= fopen(path
, "w");
1228 SYSERROR("failed to open %s", path
);
1232 ret
= fprintf(f
, "%s", tty_id
);
1235 SYSERROR("failed to write to %s", path
);
1239 /* do one of either predump or a regular dump */
1240 static bool do_dump(struct lxc_container
*c
, char *mode
, struct migrate_opts
*opts
)
1245 char *criu_version
= NULL
;
1247 if (!criu_ok(c
, &criu_version
))
1250 ret
= pipe(criuout
);
1252 SYSERROR("pipe() failed");
1257 if (mkdir_p(opts
->directory
, 0700) < 0)
1262 SYSERROR("fork failed");
1267 struct criu_opts os
;
1268 struct cgroup_ops
*cgroup_ops
;
1272 cgroup_ops
= cgroup_init(c
->lxc_conf
);
1274 ERROR("failed to cgroup_init()");
1275 _exit(EXIT_FAILURE
);
1278 os
.pipefd
= criuout
[1];
1282 os
.console_name
= c
->lxc_conf
->console
.path
;
1283 os
.criu_version
= criu_version
;
1286 ret
= save_tty_major_minor(opts
->directory
, c
, os
.tty_id
, sizeof(os
.tty_id
));
1289 _exit(EXIT_FAILURE
);
1292 /* exec_criu() returning is an error */
1293 exec_criu(cgroup_ops
, c
->lxc_conf
, &os
);
1295 _exit(EXIT_FAILURE
);
1303 pid_t w
= waitpid(pid
, &status
, 0);
1305 SYSERROR("waitpid");
1311 n
= lxc_read_nointr(criuout
[0], buf
, sizeof(buf
));
1318 if (n
== sizeof(buf
))
1323 if (WIFEXITED(status
)) {
1324 if (WEXITSTATUS(status
)) {
1325 ERROR("dump failed with %d", WEXITSTATUS(status
));
1330 } else if (WIFSIGNALED(status
)) {
1331 ERROR("dump signaled with %d", WTERMSIG(status
));
1334 ERROR("unknown dump exit %d", status
);
1339 ERROR("criu output: %s", buf
);
1347 rmdir(opts
->directory
);
1352 bool __criu_pre_dump(struct lxc_container
*c
, struct migrate_opts
*opts
)
1354 return do_dump(c
, "pre-dump", opts
);
1357 bool __criu_dump(struct lxc_container
*c
, struct migrate_opts
*opts
)
1359 char path
[PATH_MAX
];
1362 ret
= snprintf(path
, sizeof(path
), "%s/inventory.img", opts
->directory
);
1363 if (ret
< 0 || ret
>= sizeof(path
))
1366 if (access(path
, F_OK
) == 0) {
1367 ERROR("please use a fresh directory for the dump directory");
1371 return do_dump(c
, "dump", opts
);
1374 bool __criu_restore(struct lxc_container
*c
, struct migrate_opts
*opts
)
1379 char *criu_version
= NULL
;
1382 ERROR("Must be root to restore");
1387 ERROR("failed to create pipe");
1391 if (!criu_ok(c
, &criu_version
)) {
1407 /* this never returns */
1408 do_restore(c
, pipefd
[1], opts
, criu_version
);
1414 nread
= lxc_read_nointr(pipefd
[0], &status
, sizeof(status
));
1416 if (sizeof(status
) != nread
) {
1417 ERROR("reading status from pipe failed");
1421 /* If the criu process was killed or exited nonzero, wait() for the
1422 * handler, since the restore process died. Otherwise, we don't need to
1423 * wait, since the child becomes the monitor process.
1425 if (!WIFEXITED(status
) || WEXITSTATUS(status
))
1430 if (wait_for_pid(pid
))
1431 ERROR("restore process died");